
Sophos response to VU#192371 VPN applications insecurely store session cookies

Hi Everyone,

On April 11, 2019, US-CERT reported in its Vulnerability Note VU#192371 that multiple Virtual Private Network (VPN) applications store authentication and/or session cookies insecurely in memory and/or log files.

None of the Sophos VPN clients log, or otherwise expose, session cookies to non-administrative users.

If an attacker were to gain access to a session cookie, they could replay the session and bypass other authentication methods as if they had the correct password. In the case of all Sophos VPN clients, authentication information is kept in memory and may, therefore, be accessible to local administrator users, who are capable of directly examining process memory.

Without Two-Factor Authentication (2FA), an attacker would then have access to the same applications that the user does through their VPN session. However, in 2FA configurations, the second authentication factor is not available in memory, which protects against this type of attack.

Please visit the KBA below for more details.

Sophos response to VU#192371 VPN applications insecurely store session cookies
